[rsyslog] Weird problems when combining rsyslog 3 and 4
Luis Fernando Muñoz Mejías
Luis.Fernando.Munoz.Mejias at cern.ch
Thu Mar 26 15:28:30 CET 2009
Hi,
I have a funny problem. Around here we have a number of nodes using
old, syslogd, which report to their headnodes, which use rsyslog v3,
wich keep relaying till I get a small copy on a test box. This test box
uses, since yesterday, rsyslog v4.
I noticed that for rsyslog v4, the last relay is considered to be the
source host, the real source host is considered to be the syslogtag and
everything else is inside the %msg% property. For the default template,
I get messages like these:
2009-03-26T00:00:00+01:00 relayhost sourcehost1 cvs: GSSAPI userok:
cvsadmin GSS_C_MUTUAL_FLAG GSS_C_REPLAY_FLAG GSS_C_INTEG_FLAG
GSS_C_CONF_FLAG
2009-03-26T00:00:00+01:00 relayhost sourcehost2 cvs: GSSAPI userok:
cvsadmin GSS_C_MUTUAL_FLAG GSS_C_REPLAY_FLAG GSS_C_INTEG_FLAG
GSS_C_CONF_FLAG
And, as I used to have a single file per host, I now have a single, huge
"relayhost" file. Filters based on source or program name are broken, of
course.
What did I screw when upgrading?
Thanks.
--
Luis Fernando Muñoz Mejías
Luis.Fernando.Munoz.Mejias at cern.ch
More information about the rsyslog
mailing list